Collaborate Disseminate
I am developing a public website (with https) where each user is going to register and save confidential data, this data needs to be encrypted/decrypted only by the user. I need help to know how to produce the:
passphrase
salt
key
Goal I’d like to tighten my Content Security Policy.
Situation
I have a single page react application (= All code and styles are bundled together into a bundle.js file). The file is simply placed on a file storage server (Concrete: S3 buck… Continue reading CSP for Single Page App: Use client-side nonce for securing iframe content
I have a client side certificate from cloudflare (non-root) that i install on our devices in order to gain access to our sites that ask for a client side certificate from browsers. This works perfectly well on desktop browsers on linux, wi… Continue reading client side certificate installed on ios 16 are not being sent by browsers on that device when a server requests for a identity cert
I want to know client information when accessing my website as an identifier so I can filter who are deserve to access my website.
So far I only know this useful information from client those are User-Agent and Client Public IP Address.
Wh… Continue reading What are the most common client info when accessing website?
Corporate email services often use web-based solutions like gmail or office365.
Is there any valid security concern in allowing third party email clients if two factor authentication
is enabled on the email accounts?
Continue reading Are there any reasons to forbid employees from using desktop email clients?
There are sound reasons not to put any secrets, PII or other sensitive information into the logs on the server side (see OWASP ASVS V7).
But should the same rule apply on the client side? Is there a sound reason we should prohibit devs fro… Continue reading Logging secrets in the user agent (browser)
when my client tries to authenticate with Radius servers it gives following error:
unable to get local issuer certificate
As per my understanding, this is a trust chain problem or, in other words, my client is missing the CA certificate.
W… Continue reading Client CA certificate & RADIUS
I didn’t find anything related to this. Help out here a little.
Pseudocode: https://pastebin.com/riecfFu4
CLIENT CODE:
function Login()
{
form f = {username, password};
WWW request = SendRequest("https:/…/login.php", f);
wait request;
if(request.error != NULL || request…. Continue reading Client-Server: How wrong is this kind of request? [closed]
Picture a state of the art implementation of a website registration and login system.
I’m interested in analyzing what a defender gains and loses by feeding the user password to a key-stretching KDF function (e.g. argon2).
Let’s start from… Continue reading On the gains and losses of an additional client side stretching of the user password